Content Discovery


# Fuzzing Wordlists

# Fuzzing and Content Discovery


# Fuzz null/boundary bytes and delimiter characters in any user input (raw byte values below, then their URL-encoded forms)
# Could result in regex bypass, account takeover...
0x00, 0x2F, 0x3A, 0x40, 0x5B, 0x60, 0x7B, 0xFF
%00, %2F, %3A, %40, %5B, %60, %7B, %FF

JS extraction

# Extract endpoints from JS files (the script's input argument is not shown in this copy)
ruby extract.rb

# Check for broken links; a dead link pointing at an unregistered or expired domain is a domain-takeover risk
# For Twitter links, TwitterBFTD is a good option
$ blc -rof --filter-level 3
$ blc -rfoi --exclude --exclude --filter-level 3


$ python3 -u -f -e php,xml,txt -t 10 -w wordpress.fuzz.txt

# getallurls (gau) fetches known URLs from AlienVault's Open Threat Exchange,
# the Wayback Machine, and Common Crawl for any given domain

# It can be used to map and discover new targets (endpoints, domains, subdomains...)

$ printf | gau
$ cat domains.txt | gau
$ gau